Director, IT

Summary

The Director of Information Technology is a senior leader responsible for setting the strategic direction, governance, and overall performance of the organization's technology, cybersecurity, data privacy, artificial intelligence (AI) governance, and digital transformation initiatives. For cybersecurity and data privacy, CIVCO's parent company owns the overall strategic framework for these areas. This role focuses on leadership, strategy, and oversight-not individual technical contribution-and ensures that technology investments, privacy programs, AI initiatives, and security practices align with organizational goals and regulatory requirements. The Director partners with executive leadership and cross-functional teams to define priorities, mature the security and privacy posture, advance responsible AI adoption, optimize enterprise systems, and ensure that technology supports the company's long-term success.

Essential Duties and Responsibilities include the following. (Other duties may be assigned.)

Enterprise Technology Strategy & Governance

• Establish and maintain the enterprise IT, cybersecurity, privacy, and AI governance roadmap aligned with business strategy, growth objectives, regulatory requirements, and parent company frameworks.
• Advise executive leadership on technology direction, cybersecurity and privacy risk, AI trends, and digital transformation opportunities.
• Govern enterprise architecture, cloud strategy, and technology investment decisions to ensure scalability, operational efficiency, and compliance.

Cybersecurity Leadership

• Own enterprise cybersecurity leadership, executing the parent company security framework and maturity roadmap.
• Govern threat management, vulnerability management, identity and access controls, data protection, incident response planning, and security awareness programs.
• Provide reporting to executive team on cybersecurity risks, initiatives, metrics, and overall enterprise security posture.

Data Privacy Leadership

• Serve as the organization's data privacy leader, implementing enterprise privacy policies, standards, training, and controls aligned with parent company requirements.
• Oversee privacy impact assessments, data lifecycle governance, data minimization, and retention practices.
• Lead organizational readiness response for privacy-related incidents and regulatory inquiries.

Artificial Intelligence Governance & Enablement

• Lead the enterprise AI governance program, establishing policies, ethical standards, and approval processes for responsible AI use.
• Evaluate and approve AI use cases and third-party AI platforms to ensure alignment with cybersecurity, privacy, regulatory, and risk requirements.
• Partner with business leaders to enable AI-driven automation, decision support, and operational efficiencies that deliver measurable business value.

Enterprise Applications, Data & Business Enablement

• Own oversight for ERP, CRM, MES, Office365 and other enterprise systems, including solution lifecycle planning and integration strategy.
• Guide technology evaluation, solution selection, modernization initiatives, and system integrations in partnership with business stakeholders.
• Enable digital transformation, process optimization, and improved enterprise data visibility across all functions.

Organizational Leadership & Performance Management

• Build and lead a high-performing IT & Security organization through workforce planning, hiring, talent development, coaching, and performance management.
• Establish, monitor, and report department-level KPIs for IT, cybersecurity, privacy, and AI governance, driving accountability and continuous improvement.
• Ensure effective prioritization of resources and alignment of initiatives with enterprise strategy and business outcomes.

Vendor, Financial & Contract Oversight

• Serve as owner for technology, cybersecurity, and managed service vendors and partners.
• Lead contract negotiation, licensing strategy, vendor performance management, and service delivery governance.
• Manage departmental budgets, capital planning, forecasting, and technology investment prioritization.

Business Continuity, Risk & Incident Leadership

• Govern IT business continuity, disaster recovery, and cybersecurity incident response programs aligned with enterprise risk tolerance and business requirements.
• Act as company incident leader for significant technology, cybersecurity, or privacy events, coordinating cross-functional response and executive communications.
• Provide oversight and reporting for technology-related resilience, continuity, and enterprise risk management.

Parent Company & Enterprise Collaboration

• Serve as the primary liaison with parent company on cybersecurity and data privacy to ensure alignment, escalation, and effective execution of shared initiatives.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education, Experience, and Certifications

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Engineering, or related field (advanced degree preferred).
• 10+ years of progressive IT experience, with at least 5 years in departmental or enterprise leadership roles.
• Demonstrated success in strategic planning, technology governance, cybersecurity, privacy, or digital transformation leadership.
• Experience guiding and managing O365 environments
• Experience guiding ERP or major enterprise systems (INFOR XA a plus).
• Experience working in regulated environments with strong compliance expectations.
• Security or privacy certifications preferred (CISA, CISSP, CIPM, CIPP/E, Security+, etc.).
• Experience overseeing AI governance or emerging technology initiatives is a plus.

Essential Knowledge, Skills and Abilities

• Executive-level communication and stakeholder engagement capabilities.
• Strong understanding of cybersecurity, IT governance, data privacy regulation, and responsible AI principles.
• Demonstrated leadership skills with experience managing teams, budgets, and complex technology portfolios.
• Ability to translate business needs into strategic programs and initiatives.
• Strong vendor management, negotiation, and contract oversight capabilities.
• Excellent analytical, organizational, and decision-making skills.
• Ability to travel up to 20% (including Juarez Mexico).

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel and talk or hear. The employee is frequently required to stand; walk and sit. The employee is occasionally required to reach with hands and arms. The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually moderate. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.